What does the next decade of cybersecurity hold? Few can answer that better than Shlomo Kramer—co-founder of Check Point and Imperva, and founder & CEO of Cato Networks. In a candid conversation on the CloudNext podcast, Shlomo shared bold predictions and actionable strategies for navigating the challenges and opportunities ahead. From the rise of SASE […]
73% of CISOs fear a material cyberattack in the next 12 months, with over three-quarters convinced AI is advancing too quickly for existing methods to combat it. But what can CISOs do to prepare for the coming wave – and access the resources they need to deal with this evolving threat landscape?
To find out, we talked to Gady Margalit, CISO at esh Bank Israel, and Noam Brosh, Director of Information Security at Hunters – whose combined 45+ years made them the perfect guides to this challenging moment.
How One AI-Driven Media Platform Cut EBS Costs for AWS ASGs by 48%
Here are three key takeaways from the conversations:
1. Invest in Risk Assessments
Many CISOs want to rush to remediate every threat at once, but this is often actively counterproductive. Just 40% of companies run even annual risk assessments, which leaves them effectively blind to many of the biggest threats they face. That is why Brosh insists companies should invest in thorough, organization-wide risk assessments and make difficult strategic decisions about which factors to prioritize.
This may produce surprising results, as many of the biggest “trends” in cybercrime are not directly related to technical weaknesses. Margalit cites credential theft as an example: 60% of attacks are the result of this practice, and they don’t stem from a weakness in the cybersecurity system – they are achieved through social engineering or takeovers like the “0ktapus” phishing campaign.
2. Focus on Evolution, Not Revolution
Cybersecurity infrastructure cannot be rushed, and CISOs must focus on a gradual evolution rather than a sudden, disruptive revolution. This involves identifying which factors your organization should have in place and funneling energy into filling those gaps. “You must choose your battles according to your critical needs,” Brosh says.
For example, most startups should use Secure Access Service Edge (SASE) as their guiding principle. “Most startups work with laptops,” Margalit explains. “Everything gets mixed up. That means there’s no protection against data leakage, and no control over what comes in, goes out, or gets installed.”
While some professionals may think that simply introducing a VPN solves these issues, SASE goes far beyond that. “SASE,” Margalit shares, “includes components like Cloud Access Security Brokers (CASBs), Secure Web Gateways, and Zero Trust Network Access (ZTNA). Furthermore, many startups don’t even have a firewall in place—and introducing one will be the fastest, most impactful way to improve their security posture.”
3. Reframe Threats as Business Risks
Resource limitations are a constant concern for cybersecurity; the average annual increase in security budgets has dipped considerably in the last few years, as has hiring – both of which make life considerably more challenging for overworked and understaffed leaders. However, Margalit argues the issue is not about access to financial resources but rather a question of trust between the cybersecurity teams and the C-suite.
“I’ve never seen a board of directors be told there’s a significant risk and respond, ‘We don’t have the budget’,” he says. Instead, he argues leaders will almost always receive the funding they need – as long as they can adequately demonstrate the risk involved.
“Today, directors have personal liability,” Margalit points out. “If you present the problem as a business risk – not a theoretical threat – you’ll get what you need.” This is echoed by Brosh, who claims that cybersecurity should be merged with business intelligence to enable a single, seamless way of monitoring the impact of risk on operations and the bottom-line.
Combat Emerging Threats with the Right Partner
Ultimately, Margalit and Brosh agreed on one core fact: your choice of partners is crucial to success in 2025. “Attention to details is key,” Brosh says. ”As is having a robust SLA.” Margalit adds, “You need someone to help you translate products into the business context. They shouldn’t be trying to push solutions—they should be trying to help you.'”
That is the role GlobalDots plays for CISOs around the world. Our speakers recommended organizations adopt SASE to protect against 2025’s most urgent threats, such as credential theft, “0ktapus” phishing campaigns and data leakage. GlobalDots provides a curated portfolio of battle-tested solutions that meet all these needs and more. We can connect you with the best CASBs, Secure Web Gateways, ZTNAs – as well as helping you plan, implement and proactively manage them.
Want a proven partner to help you navigate the evolving threat landscape in 2025?